Posted by Unknown Lamer on Monday April 28, 2014 @07:40PM from the keep-telling-yourself-that dept.

Daniel_Stuckey (2647775) writes "If you were anywhere near the internet last week, you would have come across reports of 'DarkMarket', a new system being touted as a Silk Road the FBI could never seize. Although running in a similar fashion on the face of things — some users buy drugs, others sell them — DarkMarket works in a fundamentally different way to Silk Road or any other online marketplace. Instead of being hosted off a server like a normal website, it runs in a decentralized manner: Users download a piece of software onto their device, which allows them to access the DarkMarket site. The really clever part is how the system incorporates data with the blockchain, the part of Bitcoin that everybody can see. Rather than just carrying the currency from buyer to seller, data such as user names are added to the blockchain by including it in very small transactions, meaning that it's impossible to impersonate someone else because their pseudonymous identity is preserved in the ledger. Andy Greenberg has a good explanation of how it works over at Wired. The prototype includes nearly everything needed for a working marketplace: private communications between buyers and sellers, Bitcoin transfers to make purchases, and an escrow system that protects the cash until it is confirmed that the buyer has received their product. Theoretically, being a decentralized and thus autonomous network, it would still run without any assistance from site administrators, and would certainly make seizing a central server, as was the case with the original Silk Road, impossible."

I don't want colleagues or (future) employers to know what music I listen to, what my political preference is, where I go for entertainment, what kind of kinky fetishes I might have and such. I don't like targeted ads, since they tend to target me in any situation, private or not, with ads that are also based on my *personal* preferences.

Even if all I do is legal *now*, it may be illegal in the future and frowned upon when people watch logs.

Keep in mind that every person commits two felonies and dozens of misdemeanours every day. If everything you do is tracked, you will get penalized for all of them, putting *everyone* in prison. Laws are there so that if somebody really crosses a boundary that society won't accept, there is a fair reason to put them through court. If we start to automatically punish everyone for every crime they commit, because we give up privacy, our world stops functioning. We need privacy to remain the default in order to function as individuals *and* as a society.

Yes, privacy isn't the same as anonymity but in order to remain private in the current society you almost always need anonymity if you're doing it online, so in practice they are synonymous.

It's a paraphrase of Cardinal Richelieu, who not only made the following quote, but practiced what he described: "Show me six lines written by the most honest man in the world, and I will find enough therein to hang him."

When the powerful can manipulate their societies into killing as they see fit, it's best to give them as little excuse as possible. The sitting US president claims that he can legally kill Americans on American soil without trial.

> Protip - "Uncle Sam has no business in my business" is pretty damn asinine. Because it's pretty clear that he DOES,

In my world, Uncle Sam has no business, but resumes to collect all meta-data of any communication that I do, and for some states even all communication, just because he can. He's called upon it, but the answer is clear: I'll continue to do it because I can. I'm the dominant military power on Earth, I don't have to care for international rights, for human dignity, for justice. Uncle Sam t

Yeah, we're working on it. We have a system to correct this crap, hopefully we'll use it. In the meantime, make sure yours is just as transparent as you want ours to be. Maybe even show us the way. It would really help out, if you are indeed using the ideas our founders gave you....

Oh, and the NSA et al. also spy on all the US citizens. It's not like they really tried hard to avoid it. They can have any non-US entity do it for them and share the results. We're all sorta in this together, us humans.

The property that makes cash convenient in real life is the same one that makes it anonymous: it's decentralized. Why should the situation be any different online (excepting technology lag and first-to-market effects)?

Most people use cash because it's fast and convenient, not because it's anonymous. When people use cash specifically for its anonymity, it's usually to buy drugs.

[citation needed]

You assume everyone thinks like you do. Many people don't. I'm not the only person who uses cash for almost all my regular shopping because anonymity. Not because I'm afraid of the police (unless they've outlawed strawberries and tooth paste), but because I don't want corporations to profile me for more targeted advertisement.

With you up until the ID card stuff. Whilst our (UK) Gov. (Previous nuLab and current Con) seem to keep trying to foist ID cards on us we've been able to stop them so far. Odd that both nuLab and Con have both been mostly against it whilst in opposition, then seem all gung-ho for ID cards when they get voted in. Makes you wonder what the hell changes when they get the keys to No 10!

So I too see ID Cards in that very "papers please" light. They are a tool that gives power to the Gov and adds nothing to

Points a) and b) are not as prevalent as you'd think - Americans don't all 'live on credit'. You do see a lot of card-based transactions, but they're either debit transactions or credit transactions of convenience. I'm not sure what the UK equivalent is, but funds I spend via my debit card (looks just like a credit card; even has Visa on it) come directly from my bank account linked to that card. It's like a card-based check (cheque to you). Debit card volume in the US exceeds credit card usage [nerdwallet.com].

I'm also in Europe, but probably not exactly the same place as you. But having been to the US many times, I agree that there are a lot of cultural differences, and I suspect most Europeans are much more aware of these differences than most Americans.

At least in Norway, which is my home country, debit cards are the norm when paying for things - the only places I generally pay cash is when I get a beer from the beer-fridge at the room of the student orchestra I'm sometimes hanging out with in the basement of

but I don't realize that the transaction is "I'll buy 6 of your kidnapping victims for my snuff film," then my public key that allows them to rate me as a fine arbiter for the transaction also links me right in as an accessory to murder.

Does the guy work for "DARK SHIPMENTS ANONYMOUS - ANYTHING DELIVERED ANY TIME OF DAY TO ANYWHERE, BUT NOTHING ILLEGAL, HEH HEH HEH Incorporated"? If he does, there's a pretty easy case that he's an accessory.

Exactly, it requires the delivery person to know that what he does is shady, and can be illegal. This is not possible in a market where both legal (weed is pretty common in these markets and pretty much legal) and illegal stuff can happen.

You are naive. This piece of software has probably not seen one single competent analysis even now.

You'd be surprised. The union of people who are competent with IDA Pro (and similar tools) and people interested in Bitcoin is a surprisingly large set. Find a provable backdoor in an application like this and you've got yourself a very good candidate for at least a DEFCON talk, maybe a job at Matasano.

Considering how long it took to find Heartbleed and that it was found not by source-code analysis but because some people noticed extra bytes in the keep-alive messages, people feeling secure using this thing are likely just kidding themselves. And if there is any real crypto in it, the typical ordinary "hacker" with a big ego and rather pathetic skills does not stand a chance to find or understand anything.

You say that as if they aren't behind all of this already? Who's to say that Silk Road, Bit Coin, TOR etc aren't all just honeypot projects for the NSA?
I mean if I was in charge that's the way I'd do it. Let all the small players continue doing business on your Darknet until someone gets too big for their boots then you take them out. I know it sounds a bit Hollywood, but it would be the most effective means of control.

1) If you are spending large amounts of money, picking up a 2-300 netbook or websurfer as a burner PC isn't really a big deal. You only use it for that activity. Bonus is you can lock it down with encryption etc... without interfering with your normal PC.

2) It may be about illegal activities, but not all illegal activities are illegal everywhere. Not all illegal drugs are cocaine or meth. Maybe you want to buy a generic cancer treatment drug from India that costs 200$ rather than 5,000$ dolla

I've heard this argument since the beginning of time with regards to open source, but is there anybody on earth that could "review the source code" for an entire platform?

Of course not.

How is that relevant to reviewing the source for this marketplace client, and deciding if it's safe or malicious? Or do you think there might be hidden malicious code in your OS that is activated by running this apparently-innocuous application?

Well, if this client is as crufty and badly-written as OpenSSL (which I've been complaining about for years), then you may have a point.

Irony: Where you have the skill to completely understand that a major software program is "crufty and badly-written" but don't do anything other than complain about it "for years".

I had one or two other things to do. Still, I take your point, because everyone I know who looked at the OpenSSL source was terrified by it. Its sheer nastiness deterred people from trying to do anything to fix its nastiness, but everyone kept using it because (a) there wasn't any good alternative and (b) everyone else kept using it.

You should rather also review the firmware of your USB mouse, I'd rather expect an exploit in there than in the driver. The USB negotiation between device and computer works on a much lower level than the driver, and without any pesky interference from UAC or other controlling instances.

> If you were anywhere near the internet last week, you would have come across reports of 'DarkMarket'

Can we get some editors to remove this crap? It's just a stupid marketing gimmick -- "What, you haven't heard of [PRODUCT_NAME]? You must be living under a rock! Everyone who's anyone knows about [PRODUCT_NAME]!"

That's not how slashdot works. This is a truly free speech zone. That's what moderation is for. It buries but never deletes which is a much better system. For those who truly want to read everything set to -1 and fill your boots. For the rest of us set it from 1 to 5 as per your own preference and you can avoid reading totally horrible stuff.

Maybe I'm confused, but it sounds to me like what 'DarkMarket' is doing is irrevocably marking some transactions as being associated with DarkMarket. That strikes me as much like writing 'I was used to buy drugs' on a $50 note except that someone can check the entire transaction history of the $50 note back to the beginning of time.

I guess it will be interesting for researchers to assess the proportion of BC that is being used for dubious purposes (unless you actually believe things like 'banned books' are going to be traded on DarkMarket except at the very margins), and feds who want to find people selling drugs (because BC itself is not anonymous [bitcoin.org]).

I've always thought the banking systems should be replaced by decentralized servers, where each individual has a banking server. So instead of going to a central bank for processing, transactions would be issued to the server for the "account" instead.

I figure the government wouldn't like that much.

And most people wouldn't like it because you wouldn't have guaranteed deposits with such a system.

But you could just as easily shift the focus of the banking cartels to being the hosts for such decentrali

Wow, what a flawless system! Except...
You show up in person to buy or sell drugs and it's a sting. You mail them and it gets seized or the target and/or sender gets arrested via tracking. Or you mail them to a central escrow hub that also gets traced and arrested and shut down. What a great set of 3 options.

I might be missing something, but isn't it usually easier to get a back door into software than to seize a server? Reading the articles it's using or piggybacking on P2P, but you have to get the software from -somewhere- initially, and I assume there will be updates. Even if those updates are pushed out via the integrated P2P network, I'd imagine there's still ways they could compromise it. And wouldn't the tracking of user names make things more dangerous should the software be compromised?

And? If there's no middle man then ultimately someone (in this case it sounds like the buyer) has total control over the transaction. It doesn't matter what UPS says, if they don't want to release the funds they don't have to.

In a dark market like this the ONLY protection you have against fraud is the other party's reputation.

Did you even read the article? It describes how a third party (arbiter) is agreed to by each party. It takes 2 out of 3 signatures to finalize the transaction (minus arbiter fee).

It has an escrow functionality, with an arbiter chosen by consensus between the buyer and the seller. The buyer and the seller can both provide the tracking number to the arbiter, and the arbiter decides who gets the funds: the buyer (effectively reversing the transaction) or the seller (completing it).
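The 2-of-3 escrow described in the two comments above, sketched as an added example (it is not DarkMarket's code and not part of any comment): a Bitcoin-style multisig redeem script is built and parsed, and then the party combinations that reach the threshold are listed. The keys are constructed placeholders, and signature checking is modelled only as "which parties approved", which is an assumption of this sketch.

```python
from itertools import combinations

OP_CHECKMULTISIG = 0xAE

# Constructed placeholder keys (33 bytes, compressed-key shape, not real curve points).
ROLES = {name: bytes([0x02]) + bytes([i]) * 32
         for i, name in enumerate(("buyer", "seller", "arbiter"), start=1)}

def small_int_op(n):
    """Bitcoin script encodes the numbers 1..16 as opcodes 0x51..0x60."""
    if not 1 <= n <= 16:
        raise ValueError("value must be 1..16")
    return 0x50 + n

def build_redeem_script(m, pubkeys):
    """Serialize: OP_m <key1> ... <keyn> OP_n OP_CHECKMULTISIG."""
    if not 1 <= m <= len(pubkeys):
        raise ValueError("threshold must satisfy 1 <= m <= n")
    out = bytearray([small_int_op(m)])
    for pk in pubkeys:
        if len(pk) not in (33, 65):
            raise ValueError("unexpected public key length")
        out.append(len(pk))          # direct push: opcode equals the length
        out += pk
    out += bytes([small_int_op(len(pubkeys)), OP_CHECKMULTISIG])
    return bytes(out)

def parse_redeem_script(script):
    """Return (m, [pubkeys]); reject anything that is not a clean m-of-n script."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a multisig script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    pos, keys = 1, []
    while pos < len(script) - 2:
        length = script[pos]
        if length not in (33, 65):
            raise ValueError("unexpected push length")
        keys.append(script[pos + 1:pos + 1 + length])
        pos += 1 + length
    if pos != len(script) - 2 or len(keys) != n or not 1 <= m <= n <= 16:
        raise ValueError("malformed multisig script")
    return m, keys

def can_release(script, approvers, roles=ROLES):
    """True if the approving parties hold at least m distinct keys from the script."""
    m, keys = parse_redeem_script(script)
    held = {roles[name] for name in approvers if name in roles}
    return len(held & set(keys)) >= m

def releasing_coalitions(script, roles=ROLES):
    """All minimal sets of parties that can move the escrowed funds."""
    m, _ = parse_redeem_script(script)
    return [c for c in combinations(sorted(roles), m)
            if can_release(script, c, roles)]

ESCROW_SCRIPT = build_redeem_script(2, list(ROLES.values()))

if __name__ == "__main__":
    for coalition in releasing_coalitions(ESCROW_SCRIPT):
        print(" + ".join(coalition))
```

No single party, the arbiter included, reaches the threshold alone; the arbiter only matters when buyer and seller disagree.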

I doubt there will be any "legitimate" uses of this particular technology.

However, it may be a model on which we can base future online retail. The existing model is utterly broken: I really don't want databases all over the world holding my username, password, credit card details and billing address waiting for the next SQL or SSL vulnerability to vomit the information into the hands of criminals. Nor do I want to trust, use or respect services like paypal.

View this as an iteration towards a more secure and decentralised system for legitimate commerce which keeps credit card and escrow companies out of the equation. Surely that is a good thing?

I did not mean the pirated movie, I meant the concept of buying something that was forbidden by the laws at the time. I watched DBC in blu-ray from Redbox for $1.50 plus tax.
As I said, Devil's advocate here - There are way too many people, organizations, and governments that want to tell me what to do and how to live my life and I would like a way to "just say no", and do what I want to do with my body, my mind, my money, and as long as it does not infringe on anyone else, it's my business and should be

As soon as you decided to trade with someone else, you potentially infringed on someone else, and that's why we have a society with laws to govern it. If you truly don't want to interact with anyone else, you'll have to go find a log cabin somewhere.

Remember, if AZT was in trials during the time period - if it had been found to have fatal side effects, there wouldn't be an oscar-winning movie about the guy... or if there were, he would be the bad guy. He wanted to make money, he got lucky. It happens.

Woodruff WAS the bad guy who smuggled non-effective medicine. He SHOULD have been the bad guy of the movie: "Worse, the real Woodruff rejected the one truly promising drug at the time, AZT, as hopelessly toxic and instead smuggled drugs like Peptide T, which never panned out. " (from Science Based Medicine [sciencebasedmedicine.org]).

A law has to be very, very wrong to have a moral mandate to break it. Most people breaking laws out of "principle" are just doing it because they find the law inconvenient. Laws and rules are the oil of social machinery. Don't be the sand in the crankcase.

I'm rather glad the perpetrators of the Boston Tea Party [wikipedia.org] do not share your beliefs. The thing is, there are just laws and there are unjust laws. At the end of the day, as a thinking individual, it is up to you to decide personally which is which and to further decide whether or not you will obey it. And if you choose not to obey it, to be prepared for the consequences flowing from it.

History is full of examples of people who chose to disobey unjust laws, such as Ms. Rosa Parks [wikipedia.org] who decided that the race segr

Granting the illegal bit, illegal does not equate to "causing harm to someone". Would that it did -- that would be so very rational. However, there are plenty of things one might want to spend money on that are illegal but harm no one but arguably yourself. Drugs is one obvious example, but in many parts of the world buying pornography or sexual toys/aids is illegal, all the way up to being a capital crime. In China or much of the Moslem world, an enormous number of things are illegal that don't harm anyone or anything but the nominal reputation of Islam or Mohammed or Allah, or that represent freedom for repressed majorities like women. We're not really talking only about the relatively permissive US or Western Europe, in other words.

Of course people will use this to do some things that are directly intended to harm others in non-victimless-crime ways: Steal/pirate and resell IP of various sorts, fence stolen goods, arrange for a hit on your alimony-hungry ex-wife (maybe, dunno if that is a "commodity" it can handle), engage in human trafficking, sell arms. But some people will use it to buy freedom from oppressive governments that have made a whole lot of things that harm no one illegal because they violate some statement made in a piece of pure scriptural crack if you squint your eyes just right when you read it. Because there is rarely any percentage in prosecuting crimes of this sort once one cannot detect them or stop them for long enough for violations to become commonplace, it might even motivate social change.

To me personally, the tool is not going to be terribly useful. I'm heterosexual and married, my primary vices are at least quasi-legal and tolerated where I live, and I consider buying stolen goods of most varieties to be unethical. It isn't clear that I'd resort to it if I lived in e.g. a Moslem country and had a thing for porn -- no matter how nominally secure, the penalties are pretty horrendous. But I'm guessing that there are those who will value it who aren't planning to use it to hurt others.

That this site will be used for selling sex toys in "Moslem countries" and maybe unauthorized copies of "Star Wars" or where people in Muslim countries can share Dutch Cartoons or where people in Christian countries can share copies of "Of The Origin of Species."

Then again, maybe it will be like the previous "Silk Road" and be all about opium and kitty porn and services to kill people.

Your heart is in the right place, but your post is a bit of a joke in the sense you don't go visit mafia thugs to share free

And I was wrong when I said that I have no vices. I definitely want to buy kitty porn. Would you believe that I've never seen cats doing it? Kitty porn must be rare and hard to get.

I didn't realize that governments regulated it so strictly, though. For the rest of my life, I'll never be able to drive past the Tom Cat Club (a local, err, "massage" parlor that has been around on the US-70 corridor for fifty years or so) without going into hysterics. Purveyors of kitty porn, pictures of hot pussies. Arrg

First point- services granting anonymity are not automatically 'bad' or 'evil' or used to commit crimes. Don't take my word for it, look at what the Turkey government did [freedomhacker.net].

Turkish Prime Minister, Recep Tayyip Erdoğan, has continued going forward with the censor spree and is now blocking access to the Tor Project website. Just two days ago, Turkish Prime Minister, Erdoğan, blocked access to YouTube, and the week before Twitter. Now Erdoğan is continuing his censor reign targ

Citizens of the former East Bloc would disagree that there are no legitimate and righteous reasons for a black market. Mostly, whether a black market is "morally ok" depends on how morally corrupt your laws are.

While I agree in principle on the black market concept, you should also not forget about one small detail about the War on Drugs:

It's a failure

The target is right, but the method isn't. It's got all kinds of problems, but the most important one is that it has utterly and completely failed to reach its goal. Or even come close to it. It's like waging a war against terrorists hiding in Afghanistan and Pakistan by bombing Iraq... oh, wait...

I wouldn't know because I've been fortunate to live in a country that doesn't suffer from fundamentalist, totalitarian rule. Maybe there are some christians in North Korea that would want to buy a bible?

You're obviously struggling to disconnect the tech from what it could be used for though. Your question was why this tech should exist. I gave you a very benign purpose that one could use it for as an example, thinking you could extrapolate on what other uses you might take for granted that not every p

Why, and why? You raise questions and jump to conclusions, but all without answers. Why is this not anonymous (more or less), and what is wrong with the code? Have you reviewed it? Just blind suspicion?

The DarkMarket daemon incorporates a library of commands for peer-to-peer networking known as ZeroMQ, which allows the user’s PC to become a node in a distributed network where every user can communicate directly with every other user.

At the moment, DarkMarket displays only a bare IP address for every user, but the system’s creators say it will eventually show a pseudonym for each one and also allow product searches.

They do mention in the article that this isn't done yet, but this feature - an anonymous buyer being able to reliably, securely reach an anonymous source and transfer real money in exchange for products - seems somewhat central to the whole idea.